We Must Automate Cyber Threat Defense to Survive

On January 23, 2017, President Trump issued an executive order placing a freeze on the hiring of federal civilian employees across the executive branch. The freeze applies to all executive departments and agencies, regardless of the sources of their operational and programmatic funding, with the exception of military personnel.

In a time of ever-increasing IT complexity, government agencies are continually being asked to do more with less. Agencies have smaller budgets, less time and fewer qualified personnel than ever before.

Cybersecurity professionals are faced with the daunting task of increasing overall protection, increasing incident response capacity, and reducing incident response times while attack vectors and technology multiply exponentially. Further reducing the talent pool of available and qualified cybersecurity professionals via the executive order will only exacerbate an already dangerous problem.

Taken together, this raises an important question: what can be done to shore up defenses when resources are fewer and farther between? While the executive order may reduce the ability to bring on new staff, nothing in the memorandum restricts agencies from changing tactics to make the most of a tough situation – in fact, that may well be the goal. There is no better time than now for agency leadership to re-evaluate their current cybersecurity posture and consider what the future could look like with increased automation and orchestration from a software platform focusing on the endpoint, cloud, hybrid data centers and threat management.

Hiring freeze or not, we must automate cyber threat defense to survive.

If the complexity of the modern cyber threat landscape were not enough to challenge even the most skilled cyber professional, the volume of new threats emerging by the minute can overwhelm anyone. Across the board, security teams are clearly faced with a mismatch between staffing and the growth in number and sophistication of threats. That gap is compounded by tools that force analysts to manually connect the dots across them, which takes even more time and effort.

Only automation can optimize staff resources. Working with McAfee’s managed security service allows critical IT and security staff to refocus on agency priorities and get back to the mission while trusting that infrastructure is secure, all while reducing costs and complexity in the environment.

Deeply automated security systems are critical to help solve that problem. They help eliminate routine tasks, enable faster new hire onboarding and free your strongest talent to tackle your hardest problems. We expect automation to reduce manual effort by up to 70 percent, and automation and orchestration to reduce dwell time from days to less than 24 hours when using a real-time analytics platform integrated with defensive cyber tools.

Our focus is to create an integrated security system that automates the threat defense lifecycle so customers can address more threats faster with fewer resources. Here is what we mean:

Integration: We are combining point products and features into integrated security systems using common platforms. This is evident in the four security systems. Each combines the capability from three or more point products into a single system. We deliver this integration and management level with McAfee ePO software and threat intelligence sharing through our open-sourced Data Exchange Layer.

Automation: With integration as our foundation, we then build in closed-loop automation. This automation delivers more accurate detection, faster remediation, and closed-loop protection. These benefits increase directly with the breadth of products and technologies that we integrate – whether our own or from other security providers.

Orchestration: With more of your organization freed up through automation, we then proceed to orchestration. While automation is at the tool level, orchestration is at the system level. Orchestration not only drives actions, but also coordinates teams and accelerates investigation. The gains across both security effectiveness and team efficiency are dramatic, which is why this is the ultimate goal of both integration and automation.

Fundamentally, we have created these integrated and automated security systems because we believe that protection, detection and correction are better when they are planned and operate together. The threat lifecycle of integrated security builds the best protection technology possible, finds and contains advanced threats and rapidly remediates them, while adapting protection technologies to do a better job of blocking the next threats. Organizations with an integrated security platform are 30 percent better protected, and we want you to be a part of that statistic.

There is power when we bring the right tools together; share threat information between organizations, not as competitors, but as professionals pursuing the same goals; and work together towards more secure enterprises in the public and private sectors. A hiring freeze in the federal government might present a challenge, but every challenge is an opportunity to grow and improve.

By working together across agencies and across the industry, we stand a far greater chance of securing our networks. By automating our systems, we increase the speed and accuracy of our responses. By sharing threat intelligence information, we can all learn together.